How to submit spam, and falsepositive samples to EsvaLabs

Introduction

At Esvalabs we study and research existing spam campaigns in real time, keeping focused even on emerging threats.

One of the most important activities Esvalabs does is to deeply analyze any feedback from live installations: we take it seriously and any missed spam or any false positive you submit to us, will be a plus for all customers thanks to our hourly live rules updates.

Spam and False Positives samples can be submitted to Esvalabs according to any of the following methods:

  • Directly from Libra Esva Web Administration
  • With any email client as RFC-2822 attachments
  • With Esvalabs Outlook Add-in

What to do: Libra Esva Web Administration

Connect to your Libra Esva Appliance and login as administrator, next:

  1. Select Menù Reports
  2. Apply any eventually desidered filter
  3. Run Report Message Operation
  4. Select messages and hit action Submit as Spam or Submit as False Positive accordingly

What to do: Standard Email Client

It is preferred that you send samples as RFC-2822 attachments. Submitting in any other format can cause the loss of key message content, which may prevent Esvalabs from effectively analyzing the samples.

If your client has the option Forward as Attachement, use it!

  • Email spam samples to : spam@libraesva.com
  • Email false-positive spam samples to : not-spam@libraesva.com

What to do: Microsoft Outlook

It is preferred that you install native Esvalabs Outlook 2010 Add in as you will have two confortable buttons in Outlook toolbar. The Add in is compatible with Outlook 2010 & onwards versions.

Without the plugin installed proceed as follows:

  1. Create a new email message.
  2. Address it to : spam@libraesva.com or : not-spam@libraesva.com
  3. From your Inbox, select the spam email that you received (you must select the email, not the content).
  4. Drag and drop the selected item(s) into the new email. This will now be displayed as an empty email with the suspect email as an attachment.
  5. Send the email to Esvalabs at the address you selected above.

What to do: Mozilla Thunderbird

From Mozilla Thunderbird proceed as follows:

  1. Select the sample.
  2. From the toolbar choose Message > Forward > Attachment.
  3. Address it to : spam@libraesva.com or : not-spam@libraesva.com
  4. Send the email

What to do: Lotus Notes

Esvalabs specialists cannot recommend a default method for attaching RFC-2822 messages, but the following options are available:

  1. Send the message direct to your Technical Support contact:
    – Create a new email message addressed to your support contact.
    – Open the spam message, select View > Show > Page Source.
    – Copy and paste the Page Source content into the new email.
  2. Use the free third party enhancement software, ‘Open-NTF’.
    This adds a menu option, ‘Forward MIME to RFC-2822’, to the Tools button. Use this to forward the email.

Further Informations

Samples sent to Esvalabs will be deeply analyzed and may reflect in general rules update. In any case:

  • You will not receive feedback for emails messages sent to these addresses.
  • Samples sent to Esvalabs will not necessarily be considered to be, or detected as, spam.
  • If you need more information or guidance, then please contact technical support.

Copy of this whitepaper can be downloaded here: https://docs.libraesva.com/download/whitepaper-esvalabs-interaction-pdf/